Clean file path names on file creation (#624)
This commit is contained in:
Thomas Miceli
@@ -24,11 +24,6 @@ func Create(ctx *context.Context) error {
|
||||
func ProcessCreate(ctx *context.Context) error {
|
||||
isCreate := ctx.Request().URL.Path == "/"
|
||||
|
||||
err := ctx.Request().ParseForm()
|
||||
if err != nil {
|
||||
return ctx.ErrorRes(400, ctx.Tr("error.bad-request"), err)
|
||||
}
|
||||
|
||||
dto := new(db.GistDTO)
|
||||
var gist *db.Gist
|
||||
|
||||
@@ -39,25 +34,24 @@ func ProcessCreate(ctx *context.Context) error {
|
||||
ctx.SetData("htmlTitle", ctx.TrH("gist.edit.edit-gist", gist.Title))
|
||||
}
|
||||
|
||||
if err := ctx.Bind(dto); err != nil {
|
||||
err := ctx.Bind(dto)
|
||||
if err != nil {
|
||||
return ctx.ErrorRes(400, ctx.Tr("error.cannot-bind-data"), err)
|
||||
}
|
||||
|
||||
dto.Files = make([]db.FileDTO, 0)
|
||||
fileCounter := 0
|
||||
|
||||
names := ctx.Request().PostForm["name"]
|
||||
contents := ctx.Request().PostForm["content"]
|
||||
names := dto.Name
|
||||
contents := dto.Content
|
||||
|
||||
// Process files from text editors
|
||||
for i, content := range contents {
|
||||
if content == "" {
|
||||
continue
|
||||
}
|
||||
name := names[i]
|
||||
name := git.CleanTreePathName(names[i])
|
||||
if name == "" {
|
||||
fileCounter += 1
|
||||
name = "gistfile" + strconv.Itoa(fileCounter) + ".txt"
|
||||
name = "gistfile" + strconv.Itoa(len(dto.Files)+1) + ".txt"
|
||||
}
|
||||
|
||||
escapedValue, err := url.PathUnescape(content)
|
||||
@@ -72,8 +66,8 @@ func ProcessCreate(ctx *context.Context) error {
|
||||
}
|
||||
|
||||
// Process uploaded files from UUID arrays
|
||||
fileUUIDs := ctx.Request().PostForm["uploadedfile_uuid"]
|
||||
fileFilenames := ctx.Request().PostForm["uploadedfile_filename"]
|
||||
fileUUIDs := dto.UploadedFilesUUID
|
||||
fileFilenames := dto.UploadedFilesNames
|
||||
if len(fileUUIDs) == len(fileFilenames) {
|
||||
for i, fileUUID := range fileUUIDs {
|
||||
filePath := filepath.Join(filepath.Join(config.GetHomeDir(), "uploads"), fileUUID)
|
||||
@@ -82,8 +76,13 @@ func ProcessCreate(ctx *context.Context) error {
|
||||
continue
|
||||
}
|
||||
|
||||
name := git.CleanTreePathName(fileFilenames[i])
|
||||
if name == "" {
|
||||
name = "gistfile" + strconv.Itoa(len(dto.Files)+1) + ".txt"
|
||||
}
|
||||
|
||||
dto.Files = append(dto.Files, db.FileDTO{
|
||||
Filename: fileFilenames[i],
|
||||
Filename: name,
|
||||
SourcePath: filePath,
|
||||
Content: "", // Empty since we're using SourcePath
|
||||
})
|
||||
@@ -91,11 +90,11 @@ func ProcessCreate(ctx *context.Context) error {
|
||||
}
|
||||
|
||||
// Process binary file operations (edit mode)
|
||||
binaryOldNames := ctx.Request().PostForm["binary_old_name"]
|
||||
binaryNewNames := ctx.Request().PostForm["binary_new_name"]
|
||||
binaryOldNames := dto.BinaryFileOldName
|
||||
binaryNewNames := dto.BinaryFileNewName
|
||||
if len(binaryOldNames) == len(binaryNewNames) {
|
||||
for i, oldName := range binaryOldNames {
|
||||
newName := binaryNewNames[i]
|
||||
newName := git.CleanTreePathName(binaryNewNames[i])
|
||||
|
||||
if newName == "" { // deletion
|
||||
continue
|
||||
|
||||
Reference in New Issue
Block a user